China’s DSL regulation could disrupt data exchange for international shipping

Published: 05 January 2022

• Print page
• Email page
• Tweet

Recently, the media has reported that international ships have failed to receive automatic identification system (AIS) data in China, or that China has blocked public access to ships’ AIS due to the country’s new Data Security Law (DSL). The fall-off in the availability of Chinese terrestrial AIS has sparked concern in the industry ranging from navigation safety concerns to supply chain disruption. There has also been concerns that Chinese ships are no longer allowed to install AIS or GPS.

As far as BIMCO understands, however, the terrestrial AIS data is still available in China, and there has been little impact on navigation safety. Additionally, a ban on AIS or GPS installation on Chinese ships has not been introduced.

Inspired by EU GDPR, China has adopted a trio of data regulations:

• China Cyber Security Law (CSL, came into force on 1 June 2017)
• China Data Security Law (DSL, came into force on 1 September 2021)
• China Personal Information Protection Law (PIPL, came into force on 1 November 2021)

The DSL sets out cross-border data transfer requirements. According to its Article 31, the cross-border transfer of important data collected and generated by “critical” information infrastructure operators within China shall be governed by the CSL, under which data collected and generated by “critical” information infrastructure operators must be stored within the territory of China by principle. Whenever such data needs to be transferred overseas, a security assessment must be performed. Meanwhile, under Article 31 of the CSL, “critical” information infrastructures refer to infrastructures in important industries and sectors, such as public communications, information services, energy, transport, water conservancy, finance, public services, e-government, and other critical information infrastructures that – once damaged, disabled, or data disclosed – may severely threaten the national security, national economy, people’s livelihood, and public interests. International shipping is categorised as “transport” which falls within the critical information infrastructure’s definition (see chart below).

However, DSL neither specifies details about obtaining the approval of the relevant competent authorities, nor which authorities have the right to approve cross-border data sharing. Similarly, DSL does not specify how intermediary service providers will be examined and whether non-compliance of the data provider will be passed on to the intermediary service providers.

How to conduct a security assessment is also unclear. As expected, some Chinese AIS data providers (intermediary service providers) took precautions in response to the DSL, typically by ceasing to share any AIS data generated/operated in China with their foreign business partners. In fact, some foreign AIS data service providers used to invest in their own terrestrial AIS stations in China without permission, which was a grey area prior to the new trio of data regulations. With the new regulation coming into force, however, those unregulated AIS stations have been forced to shut down, causing disturbance in the availability of Chinese terrestrial AIS.

How does the regulation affect international shipping?

The DSL regulation has received attention because of the disturbance to terrestrial AIS data, and BIMCO believes China’s data regulations will have a profound impact on international shipping industry, particularly within the areas of seafarers, ships, and cargo. How will seafarers’ personal information be treated when it comes to P&I clubs, flag states and other stakeholders who inevitably need to make cross-border transfers of such data? How will the relation between “critical” information infrastructures, transportation, and shipping be defined? How will cargo information be accessed when carriers report to their overseas agents? And how can such a security assessment be carried out when owners and managers export their data out of China?

Since there are no specific rules on the cross-border transfer of important data collected and produced during operations by general data processors within the territory of China, BIMCO encourages its members to follow the developments closely.

As far as BIMCO is aware, the China Ministry of Transportation (MOT) is currently working closely with the state cyberspace administration and other government bodies to work out specific rules for implementation. Once the outcome of those discussion is available, it should provide some clarity to the international shipping industry.